Rootless + updates (#44)

* Limit the number of tags we list

- versions bumps
- update GH workflows
- add tests
- fix justfile

fix #30 
fix #38

* Fix and add tests

* Switch to Rust 1.60

* Fix ACL

* Remove unrequired folder

* Switch to a user install of Rust

* Fix to allow properly detecting source type

* Fix tests

* Add container-structure-test to CI (failing on purpose in this commit)

* Fixes and cleanup, remove rustc stable

* Fix test

* Prep to allow other profiles than `release`

* Change version to 0.9.21

* Rust 1.61, Ubuntu 22

* Upgrade to Rust 1.62.0

* Add new image tag

* Remove bridges

* Bump versions

* Cleanup

Author: chevdor

.github/workflows/manual-acala.yml

@@ -1,14 +1,14 @@
 name: Manual Build - Acala
 
 env:
-  SUBWASM_VERSION: 0.17.0
+  SUBWASM_VERSION: 0.18.0
 
 on:
   workflow_dispatch:
     inputs:
       srtool_tag:
         description: The SRTOOL tag to use
-        default: 1.60.0
+        default: 1.62.0
         required: false
       ref:
         description: The ref to be used for the repo

.github/workflows/manual-bridges.yml

@@ -1,14 +1,14 @@
 name: Manual Build - Cumulus
 
 env:
-  SUBWASM_VERSION: 0.17.0
+  SUBWASM_VERSION: 0.18.0
 
 on:
   workflow_dispatch:
     inputs:
       srtool_tag:
         description: The SRTOOL tag to use
-        default: 1.60.0
+        default: 1.62.0
         required: false
       ref:
         description: The ref to be used for the repo

.github/workflows/manual-cumulus.yml

@@ -1,14 +1,14 @@
 name: Manual Build - Moonbeam
 
 env:
-  SUBWASM_VERSION: 0.17.0
+  SUBWASM_VERSION: 0.18.0
 
 on:
   workflow_dispatch:
     inputs:
       srtool_tag:
         description: The SRTOOL tag to use
-        default: 1.60.0
+        default: 1.62.0
         required: false
       ref:
         description: The ref to be used for the repo

.github/workflows/manual-moonbeam.yml

@@ -1,14 +1,14 @@
 name: Manual Build - Polkadot
 
 env:
-  SUBWASM_VERSION: 0.17.0
+  SUBWASM_VERSION: 0.18.0
 
 on:
   workflow_dispatch:
     inputs:
       srtool_tag:
         description: The SRTOOL tag to use
-        default: 1.60.0
+        default: 1.62.0
         required: false
       ref:
         description: The ref to be used for the repo

.github/workflows/manual-polkadot.yml

@@ -1,14 +1,14 @@
 name: Manual Build - Shiden
 
 env:
-  SUBWASM_VERSION: 0.17.0
+  SUBWASM_VERSION: 0.18.0
 
 on:
   workflow_dispatch:
     inputs:
       srtool_tag:
         description: The SRTOOL tag to use
-        default: 1.60.0
+        default: 1.62.0
         required: false
       ref:
         description: The ref to be used for the repo

.github/workflows/manual-shiden.yml

@@ -1,14 +1,14 @@
 name: Manual Build
 
 env:
-  SUBWASM_VERSION: 0.17.0
+  SUBWASM_VERSION: 0.18.0
 
 on:
   workflow_dispatch:
     inputs:
       srtool_tag:
         description: The SRTOOL tag to use
-        default: 1.60.0
+        default: 1.62.0
         required: false
       srtool_image:
         description: The SRTOOL image to use

.github/workflows/manual.yml

@@ -76,6 +76,49 @@ jobs:
             echo $VERSION
           fi
 
+  container-structure-test:
+    runs-on: ubuntu-latest
+    needs: build
+    continue-on-error: false
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Show files
+        run: |
+          ls -al
+
+      - name: Cache the image
+        uses: actions/cache@v2
+        with:
+          key: srtool-docker-image-${{ github.sha }}
+          path: |
+            srtool.tar.gz
+
+      - name: Install tooling
+        run: |
+          curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 && \
+            chmod +x container-structure-test-linux-amd64 && \
+            mkdir -p $HOME/bin && \
+            export PATH=$PATH:$HOME/bin && \
+            mv container-structure-test-linux-amd64 $HOME/bin/container-structure-test
+          echo "Installed version:"
+          container-structure-test version
+
+      - name: Load Docker image
+        run: |
+          docker load -i srtool.tar.gz
+          docker images --digests
+
+      - name: Run the tests
+        run: |
+          export PATH=$PATH:$HOME/bin
+          TESTS=$(find tests -type f | sed -e 's/^/ --config /g' | tr -d '\n')
+          echo "Running tests:"
+          find tests -type f
+          container-structure-test test --image srtool --verbosity info ${TESTS}
+
   polkadot:
     runs-on: ubuntu-latest
     needs: build
@@ -124,6 +167,19 @@ jobs:
             echo $INFO
           fi
 
+      - name: Run some debug
+        env:
+          PACKAGE: ${{ matrix.chain }}-runtime
+          RUNTIME_DIR: runtime/${{ matrix.chain }}
+        working-directory: polkadot
+        run: |
+          ls -al runtime || true
+          ls -al runtime/${{ matrix.chain }} || true
+          id -u runner || true
+          id -g runner || true
+          id -u docker || true
+          docker info --format "{{ .ClientInfo.Context }}"
+
       - name: Run srtool build for ${{ matrix.chain }}
         id: srtool_build
         env:

.github/workflows/tests.yml

@@ -1,61 +1,69 @@
-FROM docker.io/library/ubuntu:20.04
+FROM docker.io/library/ubuntu:22.04
 
 LABEL maintainer "[email protected]"
 LABEL description="This image contains tools for Substrate blockchains runtimes."
 
-ARG RUSTC_VERSION="1.60.0"
+ARG RUSTC_VERSION="1.62.0"
 ENV RUSTC_VERSION=$RUSTC_VERSION
 ENV DOCKER_IMAGE="paritytech/srtool"
 ENV PROFILE=release
 ENV PACKAGE=polkadot-runtime
+ENV BUILDER=builder
+ARG UID=1001
+ARG GID=1001
+
+ENV SRTOOL_TEMPLATES=/srtool/templates
+
+RUN groupadd -g $GID $BUILDER && \
+    useradd --no-log-init  -m -u $UID -s /bin/bash -d /home/$BUILDER -r -g $BUILDER $BUILDER
+RUN mkdir -p ${SRTOOL_TEMPLATES} && \
+    mkdir /build && chown -R $BUILDER /build && \
+    mkdir /out && chown -R $BUILDER /out
 
-RUN mkdir -p /cargo-home /rustup-home /srtool/templates
 WORKDIR /tmp
-ENV RUSTUP_HOME="/rustup-home"
-ENV CARGO_HOME="/cargo-home"
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Tooling
-ARG SUBWASM_VERSION=0.17.0
+ARG SUBWASM_VERSION=0.18.0
 ARG TERA_CLI_VERSION=0.2.1
 ARG TOML_CLI_VERSION=0.2.1
 
-# We first init as much as we can in the first layers
-COPY ./scripts/init.sh /srtool/
-COPY ./templates /srtool/templates/
+COPY ./templates ${SRTOOL_TEMPLATES}/
 RUN apt update && \
     apt upgrade -y && \
     apt install --no-install-recommends -y \
         cmake pkg-config libssl-dev make \
         git clang bsdmainutils ca-certificates curl && \
     curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/bin/jq && chmod a+x /usr/bin/jq && \
-    curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUSTC_VERSION -y && \
     rm -rf /var/lib/apt/lists/* /tmp/* && apt clean
 
-ENV PATH="/srtool:/cargo-home/bin:$PATH"
-RUN export PATH=/cargo-home/bin:/rustup-home:$PATH && \
-    git config --global --add safe.directory /build && \
-    /srtool/init.sh && \
-    curl -L https://github.com/chevdor/subwasm/releases/download/v${SUBWASM_VERSION}/subwasm_linux_amd64_v${SUBWASM_VERSION}.deb --output subwasm.deb && dpkg -i subwasm.deb && subwasm --version && \
+RUN curl -L https://github.com/chevdor/subwasm/releases/download/v${SUBWASM_VERSION}/subwasm_linux_amd64_v${SUBWASM_VERSION}.deb --output subwasm.deb && dpkg -i subwasm.deb && subwasm --version && \
     curl -L https://github.com/chevdor/tera-cli/releases/download/v${TERA_CLI_VERSION}/tera-cli_linux_amd64.deb --output tera_cli.deb && dpkg -i tera_cli.deb && tera --version && \
     curl -L https://github.com/chevdor/toml-cli/releases/download/v${TOML_CLI_VERSION}/toml_linux_amd64_v${TOML_CLI_VERSION}.deb --output toml.deb && dpkg -i toml.deb && toml --version && \
-    mv -f /cargo-home/bin/* /bin && \
-    touch /cargo-home/env && \
-    mkdir /out && \
-    rustup show && rustc -V
-
-# We copy the .cargo/bin away for 2 reasons.
-# - easier with paths
-# - mostly because it allows using a volume for .cargo without 'missing' the cargo bin when mapping an empty folder
-
-# RUN echo 'export PATH="/srtool/:$PATH"' >> $HOME/.bashrc
+    rm -rf /tmp/*
 
-# we copy those only at the end which makes testing of new scripts faster as the other layers are cached
 COPY ./scripts/* /srtool/
 COPY VERSION /srtool/
 COPY RUSTC_VERSION /srtool/
 
-VOLUME [ "/build", "/cargo-home", "/out" ]
+USER $BUILDER
+ENV RUSTUP_HOME="/home/${BUILDER}/rustup"
+ENV CARGO_HOME="/home/${BUILDER}/cargo"
+ENV PATH="/srtool:$PATH"
+
+RUN echo $SHELL && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && \
+    . $CARGO_HOME/env && \
+    rustup toolchain add stable ${RUSTC_VERSION} && \
+    rustup target add wasm32-unknown-unknown --toolchain $RUSTC_VERSION && \
+    chmod -R a+w $RUSTUP_HOME $CARGO_HOME && \
+    rustup show && rustc -V
+
+RUN git config --global --add safe.directory /build && \
+    /srtool/version && \
+    echo 'PATH=".:$HOME/cargo/bin:$PATH"' >> $HOME/.bashrc
+
+VOLUME [ "/build", "$CARGO_HOME", "/out" ]
 WORKDIR /srtool
 
 CMD ["/srtool/build"]